CentOS 5 :: Unable To Get Box (Centos 5.3) Authenticate Users Through LDAP?
Jun 4, 2009
So far, I've been able to get my box (CentOS 5.3) to authenticate users through LDAP. My next plan was to automount their home directory from our NAS device. But I'm struggling to get autofs talking to the LDAP server. My config files:
/etc/ldap.conf
[root@tmplt_CentOS-5 ~]# egrep -v '^#|^$?' /etc/ldap.conf
base ou=intern,o=zde,dc=simiangroup,dc=com
[code]....
Aug 9, 2011
Whenever I have an issue with our LDAP server (which I was able to fix) we see the following errors in /var/log/messages and it causes problems with our services running on that box, e.g. httpd, nrpe, xinetd, etc.
Aug 8 17:44:42 hostname httpd: nss_ldap: failed to bind to LDAP server ldap://serveraddress/: Can't contact LDAP server
Aug 8 17:44:42 hostname httpd: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
I am only wanting to authenticate SSH and Sudo and not services like httpd, nrpe, xinetd etc.
Apr 30, 2011
Friends, is there some way to authenticate Microsoft Windows users from OpenLDAP running on CentOS? I will be very thankful if you provide me a step-by-step procedure.
Mar 16, 2009
I did useradd -g users ldaptest and tried logging in remotely but the client always says no such user. What do I have to do to update the users that LDAP sees?
May 16, 2010
I am still pretty new to CentOS, and I am having some trouble figuring out why after installing proftpd I can't log in. I am running CentOS 5.4 i386. I have gone through and installed the rpm forge and updated yum. I have installed proftpd.i386 0:1.3.2-1.el5.rf. With a user name I know works through SSH I am unable to connect to the server on port 21. It makes a connection, but the authentication fails saying that the user name and/or password is incorrect.
I opened port 21 to my server on my router, and just for testing, I have disabled iptables. In the /var/log/secure log I find the following error when I try to connect. [PS: I changed the user name in the log to USERNAME to avoid giving out my id. Also changed the IP I am connecting from to MY_IP_ADDRESS]
May 15 22:43:38 webserver proftpd: pam_unix(proftpd:session): session opened for user USERNAME by (uid=0)
May 15 22:43:38 webserver proftpd: Deprecated pam_stack module called from service "proftpd"
May 4, 2010
I am attempting to configure vsftpd to allow anonymous users to PUT files into a shared incoming directory. This would be like a dropbox for my customers. Ideally, the incoming directory's contents would not be viewable by the users.
I believe that refused connection is due to the PAM configuration for vsftpd.
May 4 08:03:16 WSVM-S1-1 sshd[1512]: Invalid user anonymous from xxx.xxx.xxx.xxx
May 4 08:03:16 WSVM-S1-1 sshd[1513]: input_userauth_request: invalid user anonymous
May 4 08:03:16 WSVM-S1-1 sshd[1512]: pam_unix(sshd:auth): check pass; user unknown
[Code].....
May 6, 2011
I'm running into problems adding the required schema for automount and LDAP on CentOS 5.6 (also tried CentOS 5.3). In the last few days I was able to set up an LDAP server and get client authentication working. I want to be able to automatically mount users' home folders on logon and store the configuration in LDAP. I've done the following so far:
1) added include in /etc/openldap/slapd.conf to /etc/openldap/schema/redhat/autofs.schema
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/redhat/autofs.schema
Jun 10, 2009
Using CentOS 5.2.
Unable to start LDAP server.
See below info:
[root@system ~]# yum install openldap
Loading "fastestmirror" plugin
Loading mirror speeds from cached hostfile
* base:
[Code]....
Jun 9, 2011
I've tried to follow exactly the steps in:
[URL]
on how to set up a Samba PDC w/ LDAP backend. I've reached as far as page two of the tutorial. However, I'm stuck in the middle of page two:
[URL]
in the part about starting the LDAP Samba installation up, where I should type:
#useradd user1
#smbldap-useradd -a -G 'Domain Users' -m -s /bin/bash -d /home/user2 -F "" -P user1
I get this error:
Error looking for next uid in sambaDomainName=sambaDomain,dc=DOMAINNAME:No such object at /usr/lob/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 1194.
Why does this appear? Are there any configurations missing?
Mar 17, 2009
If I ssh from my laptop (running F10) to the server (CentOS 5.2) it asks for the password, but every time I enter the correct password it says incorrect password. When I do the same from the server to my laptop I can get in just fine. I think my passwords are stored as SSHA in the LDAP (I tried clear passwords and that doesn't work either).
Sep 8, 2009
I installed CentOS 5.2 and then ran yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:
smbldap-tools useradd -am username
I can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.
Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
Feb 17, 2009
Set up a new cluster service for a cifs share. Has these properties:
Service name = cifs_cases
Autostart is checked
name=cases type=GFS Scope=shared
[code]....
Feb 19, 2009
I'm trying to expand my Courier+MySQL+Postfix+PostfixAdmin server to use SASL logins on Postfix so I can relay on my server. After following several guides I still can't get it to work: Postfix logs show the user transcript and end with "Authentication failure" but it does not tell me what told it that the login failed. The messages log show this:
Feb 19 22:48:55 sportlaan-server saslauthd[7254]: do_auth : auth failure: [user=berend] [service=smtp] [realm=mydomain.com] [mech=pam] [reason=PAM auth error]
Which I don't get because I don't think it should be using PAM... I think...
The setup is similar to this one: http://www.howtoforge.org/virtual_users_postfix_courier_mailscanner_clamav_centos_p6
My SASL config has this in it:
/usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
log_level: 3
authdaemond_path: /var/spool/authdaemon/socket
mech_list: plain login
May 25, 2011
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well. I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
Nov 19, 2009
I had 11.1 for some time, and it was working fine. Decided to upgrade... long story short, did a fresh install with the live CD of 11.2. I use an LDAP server for authentication; it's on the LAN. Configuration during install goes through fine: fetch DN, etc. Then after the bootup, authentication error for any user except root. At the same time automounter works fine, LDAP requests are going through for hosts (my local hostnames are also on this LDAP server), I can edit users through YaST when logged on this box, but alas! Even for "su - user" I get "incorrect password", whereas if I am root, then "su - user" gets me logged in as user. Password does not go through!
Mar 31, 2010
I've compiled openssh-5.4p1 on RHEL 4.8 with Openssl 0.9.8m + pam. It works perfectly without pam (pam-0.77-66), both with password and public key auth. With pam enabled and LDAP (openldap-2.4.21, from scratch) something strange happens:
system users: I can do ssh with both password and public key
LDAP users: public key works for remote users, still I cannot do ssh with just password.
I'm trying a custom PAM configuration, because the default one (even with authconfig + LDAP) blocks ssh even with system users.
My pam SSHD configuration is:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
[code]....
My LDAP users are OK: I can do "su - " remote LDAP (so that nss_ldap is OK), also getent passwd and getent group is OK.
Jan 3, 2011
Ldapscripts seems to be authenticating oddly but I am not sure why. Running 'ldapadd' works without issue:
<code>root@domainator:~# ldapadd -D cn=root,dc=example,dc=home -W
Enter LDAP Password:
<CTRL-D>
root@domainator:~#
</code>
However:
<code>
root@domainator:~# ldapaddgroup test
>> 01/03/11 - 22:16 : Command : /usr/sbin/ldapaddgroup test
ldap_bind: Invalid credentials (49)
ldap_bind: Invalid credentials (49)
Error adding group test to LDAP
Error adding group test to LDAP
</code>
Here's various parts of my /etc/ldapscripts/ldapscripts.conf:
<code>
SERVER="domainator"
BINDDN="cn=root,dc=example,dc=home"
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
SUFFIX="dc=example,dc=home" # Global suffix
GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX)
USUFFIX="ou=Users" # Users ou (just under $SUFFIX)
MSUFFIX="ou=Computers" # Machines ou (just under $SUFFIX)
GIDSTART="10000" # Group ID
UIDSTART="10000" # User ID
MIDSTART="20000" # Machine ID
</code>
/etc/ldapscripts/ldapscripts.passwd permissions are root:root, 0400 a
And I have quadruple checked my password is correct. Is there a way to print out debugging from ldapscripts so I know what commands it is generating?
Aug 3, 2011
I have a query regarding login to roundcube via dovecot ldap. I have installed and set up the openldap on Ubuntu Server 11.04 with the help of the following article [URL]. I have also installed Postfix, Dovecot, Dovecot-ldap and roundcube as the mail client. Then, I went on to test if I can login through roundcube. I received "login failed". I'm sure the dovecot is running fine as well as Postfix and openLDAP server. All I can find from the log was "auth(default) LDAP: Can't connect to server: localhost".
Jul 31, 2010
I'm using LDAP to authenticate some services in my company, but for the past few days I find some errors saying
Quote:
I'm using webmin to manage its services.
Apr 29, 2011
I managed to get RHEL to authenticate to Active Directory using LDAP and Kerberos. When a user authenticates to the Unix, the Unix system will check (using Kerberos) to the AD. However I just found out that when the RHEL (LDAP) did the authentication to the AD (to ensure that the RHEL has the right permission to query the LDAP database), it uses simple bind which sends the username/password unencrypted over the network.
1) Can we use Kerberos as well for the initial authentication described above?
2) If not possible, is there a way to encrypt the username/password in the storage (ldap.conf - because it's world readable)? I know that for transmission I can use SSL.
May 5, 2010
I'm trying to set up a Samba share that's available over the network to a group of users in our institution. Our infrastructure is based on Novell Netware (slowly migrating to OES), and thus our authentication is managed by eDirectory. All our other shares are managed by Netware, but this one lives on a standalone Ubuntu server.
I've succeeded in setting up the share, and users can access it without a problem. The trouble is that currently it only works by treating all users as guest users and giving them the same privileges over the share. Is it possible to get Samba to authenticate users against eDirectory via LDAP? Would I have to get Ubuntu to authenticate against eDirectory, then Samba against Ubuntu, or can Samba do it directly? I've not really worked with LDAP before so I'm unsure where to start.
Sep 7, 2009
I am using CentOS 5.2 with kernel version "kernel-2.6.18-92.el5". I can't play mp3 songs in any of the players provided. Can you help me in installing "vlc" or any other versatile player? Thanks in advance.
output of "yum list *videolan*"
yum list *videolan*
Error: No matching Packages to list
Nov 6, 2010
I have an i5 Thinkpad running Windows 7 64-bit. VT is enabled in the BIOS. I have installed vmware server v 2.0.2 but am unable to install CentOS 5.5 x86_64 as a guest OS. The steps that I followed are as follows:
1. Created a new VM, specifying RHEL 5 64-bit as the intended guest OS (per vmware documentation - CentOS is not available as a selection)
2. Downloaded all 8 iso files for CentOS v5.5 64-bit
3. Modified the CD/DVD drive to 'connect at power' and use an iso with the path pointing to the x86_64 iso 1 of 8
When I power up the VM, the console window displays 'ISOLINUX 3.11 2005-09-02 Copyright (C) 1994-2005 H. Peter Anvin' and nothing else. The installation splash screen never appears. As a test, I downloaded the first of 7 iso files for the 32-bit version of CentOS 5.5 and pointed the CD/DVD drive to that iso. In that case, the installation starts as expected. I would really like to get the 64-bit version installed and running.
May 30, 2011
I am not able to port 8080 on my CentOS VPS server. I have followed all the instructions as mentioned on the iptables wiki page. Also I am able to telnet my IP address and port number, but cannot access from browser.
Aug 8, 2011
I have two CentOS 5 servers, one running Asterisk with PHP installed and another server running as a MySQL database server. At the moment when I try to run a simple script to see if I can connect to the remote server I get the following error.
Quote:
Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Jan 5, 2011
I transferred my dedicated to another; I put the same version on it (PHP 5.2.9) and the ldap module is installed, but couldn't activate it on the new server. Is there something I'm missing?
May 13, 2010
How can I make the user in a remote LDAP server be used to authenticate to a local Linux server?
Nov 18, 2009
I've got one problem with my computer soon after a successful installation of CentOS 5.4 with a multi-boot boot loader. When the boot loader asks me to choose an OS, if I choose Windows then the computer tries to boot Windows but fails and gives the error message that there is a problem reading the hard disk. But when I restart it and start with Linux then the computer starts successfully with no error message. Now I do not know what to do because I need to use Windows and all my programs are in Windows.
Jun 25, 2009
We use CentOS 5.3 which we deploy to dozens of boxes in different buildings throughout our shop. I set up KDE to be the default window manager for these boxes, although the individual users can choose for themselves. We use LDAP authentication, and typically logging in through the LDAP into KDE goes without a hitch. However, a couple of users are having problems logging in to their accounts through KDE, my boss and my boss's boss to be specific. We have NFS shares which serve up each user's home directory regardless of where they connect in our system. When my boss, or his boss, try to log in, they put in their credentials, and LDAP accepts them, but KDE never starts. The splash screen which displays that it's "initializing system services" or "loading desktop" doesn't even come up, it just has a picture of the desktop with a cursor, and hangs there. I've tried deleting the .kde directories in their home folders, but that doesn't work. Those two are the only accounts out of our entire system that have problems logging in to KDE, and I have no idea why!
I've looked in the .xsession-errors file, here's a copy code...
I know it isn't the xset or "no profile" errors because all the users I've checked get those too, but they can log in just fine. Both xsession files on both users are almost identical to this one, it just seems that KDE will never start.
Oct 11, 2010
How to install open ldap on CentOS 5